03/13/2018 | Episode 18
Patrick Presto is a researcher at NYU who spent years handling risk management at Square.
Evan: Welcome to Trust & Safety in Numbers presented by Sift Science. I’m your host, Evan Ramzipoor. We all that know cryptocurrency is important. Pretty much anyone can tell you that right now. But why is it important? What even is it? How does it pose new and exciting problems for trust and safety online? That’s far less clear. Today, I’m sitting down with Patrick Pesto who used to handle risk monitoring at Square and who’s now studying cryptocurrency in a graduate program at NYU. Patrick is going to shed some light on why cryptocurrency matters for the way we transact online and how it’s creating new fraud challenges for trust and safety teams. But first, let’s warm up with a quick fraud fact. Did you know that 48% of businesses saw a rise in account takeover in 2016? For more information, check out “A Snapshot of Account Takeover” on the Sift Science Blog. Now onto the interview. So why does this matter? Why should people in the fraud and abuse space care about cryptocurrency?
Patrick: Chase, Bank of America and Citibank recently disclose that they’re going to prevent credit card purchases dealing with cryptocurrencies. And I thought it was really interesting and smart, quite frankly, just because if I’m able to buy cryptocurrency with my credit card and, say, I bought a crypto that sank in value. There’s nothing stopping me from calling my bank and being like, “Hey, I’m really upset with my purchase. I’m not paying for this.” It creates a really long like stream of, you know, administrative work for everybody involved.
Evan: So wait. These banks themselves were selling cryptocurrency or the cards were just being used to buy cryptocurrency?
Patrick: So, a lot of cryptocurrency exchanges like when you think about exchanges if you want to buy currencies, these alternative coins or whatever, you either do bank transfers or, you know, sometimes they even allow you to buy using your credit card, but then they’ll charge you an absurd fee. I mean, having a revolving credit line in effect allows you to buy whatever you want, but it was only recently that some of the major banks started actively saying, “We’re going to prevent these charges.”
Evan: Let’s back up a bit because I know many people who are listening to this interview, myself included, aren’t a hundred percent clear on what cryptocurrency is. Can you give me a quick definition?
Patrick: Cryptocurrencies are basically a form of like digital currencies, they are virtual or they’re alternative in nature, but a lot of them are designed to work and have a utility function and so they can work as a medium for exchange. And the thing that distinguishes cryptocurrency is the underlying technology behind it, is a combination of cryptography, time-stamping, the process of mining. It’s basically a suite of technologies working together securing this as sort of like a form of currency.
Evan: So now that we have the foundation, tell me a little bit about your research. You’re currently doing your Master’s thesis on cryptocurrency, is that right?
Patrick: It’s currency, but like the subtext is cryptocurrencies. I think there’s a lot to explore when we think about just currency in general and like, you know, different cultures, different, you know, like international currencies because I think that’s the one thing that’s fascinating about these cryptocurrencies is, as we know currencies today, they’re just distributed by nation states. But cryptocurrency is there are no borders, so I think this is why it causes a lot of media, you know, attention around like, “How do we regulate this? Should we regulate it?”
Evan: He’s got a point. We can think about various currencies as countries. Bear with me for a minute. They’re regulated in a top-down way. There are rules, institutions, a hierarchy, but cryptocurrencies are like non-state actors. There’s no top-down regulation or hierarchical structure. That violates everything we think we know about typical currencies. So we have a system that seems totally unregulated, at least from the outside. What kinds of fraud problems does that create? Are there entirely new problems we haven’t even imagined yet?
Patrick: Fraud as a broad term is really tough to pinpoint here. Things I really ask myself though is, “Is it fraud if a cryptocurrency exchange doesn’t properly secure its customers’ private keys?” or something. Or, “Is it fraud when a hacker drains funds from an exchange?” Like there’s different angles to like really defining fraud here, but there’s actually… I guess to answer your question, there’s interesting incidents that are happening now that actually are just from like an old-school playbook of fraud. So there’s an example I was just researching the other day about Prodeum. Prodeum is basically another company that was going to hold an ICO, which is just another way of fundraising. And what happened there is they were victims of basically identity theft. So basically someone had set up a fake website and pretended that they were Prodeum and had advisors of who were running this online, and then basically tried to run an ICO and it failed miserably. And the next day, the website that was promoting the ICO went blank and there was just text on the web page saying, “Penis.”
There were these other two companies, I think what were they called? Experty and Bee Token. These were another set of companies that were basically going to run an ICO, and some scammers got a hold of their branding. Basically, they sent a phishing e-mail to a bunch of people saying, “Hey, get a discount on this token. Here’s this address. Send money here.” And basically, what ended up happening is they were able to take almost like $150,000 and just run with it. That’s a long-winded way of saying like, this is how I think this is the early forms of how fraud is taking over in some of these spaces.
Evan: See, you can begin to see a common thread here. There seems to be some truth to the adage that there’s nothing new under the sun. Fraudsters are taking old tried-and-true schemes and repurposing them in the era of cryptocurrency. But because the cryptocurrency landscape is still so new, no one has been ready for it. No one has known what to expect? If we have a way of making transactions online that’s basically peer-to-peer, does that fundamentally change the way we should conceptualize buying and selling stuff online? Or is cryptocurrency basically the same thing as like PayPal or Venmo, but it’s just decentralized?
Patrick: Transacting online for the future really still comes down to this idea of trust. Trust is fundamentally at the core of everything. So when I look at CF currencies, you basically trust your government and that it will be stable. When you think about internet companies, so like at Square, if I’m a merchant, “Am I going to trust if Square is going to be up and running?” Or with Sift Science, “Am I going to trust Sift Science is going to like catch fraud like they say?” So it’s not so much of how do we rethink this, but how do we continually think about trust with how we do anything online? I think fundamentally when I think about cryptocurrencies, Blockchain technology, I mean, this is just new entrance to how the modern-day world works.
I mean, Blockchain at the core of it is just a mutable database, you know. And cryptocurrencies are almost… They’re like keys to, you know, utilize whatever protocol. All of these protocols are going to be designed, developed, and released. All these new decentralized apps are all soon to go out there. But at the core of it, how do you trust people to use them? I don’t know. Like when I think about the question of, “How do we rethink about transacting online?” Honestly, I think we should be thinking about it now because the things we use today inherently we still need to build trust in them.
Evan: So you used to work in chargebacks. How are you drawing on your knowledge of that space to think about cryptocurrency going forward?
Patrick: When I think about my early career and working in chargebacks, trust plays a huge role in it, right? Like if you own a credit card, you trust your bank that they will help mediate whatever. And at Square, you know, if you were transacting with us, you trusted us that we would help resolve a dispute. So like it all in some ways comes full circle and trust can be looked at in a various wide range of services that are either online or offline right now.
Evan: That was Patrick Presto. Thanks for joining me on Trust & Safety in Numbers. Until next time, stay vigilant, fraud fighters.
Learn more about what sets Sift Science’s machine learning apart.
With billions of compromised credentials already in criminals’ hands, how do you protect your users’ accounts, your brand, and your bottom line?